Everyone who creates a machine or a cluster in RONIN has a superpower: the ability to become somebody else. Another user on that computer, that is, including the supreme superuser who has permissions to do anything, whose name is "root".
Users on a Linux system have unique user names that identify them from other users. The user name is usually reflected in the path of their home directories, and shows up in many Linux commands to identify who is running a process or who has access to files. You can check what your current username is at any time using the
While most users have rather limited permissions to access their own files and run applications, root is a user who has the ability to do practically anything, including installing systems software and granting and revoking permissions for other users. Similar to a user with administrator privileges on a standard PC.
Because the root user has such power, in most Linux installations root has no password, and instead regular users become root temporarily by running the program
sudo. For example, the utility
wget is useful for scripting the download of web files. To be able to install this utility on the system, you need root level privileges. Hence, as a regular user, you need to use the
sudo command to install the program on your machine as follows:
sudo apt install wget
This command will ask for your password, check that you have permissions to run
sudo (which you are automatically granted when creating machines using RONIN), and execute the installation command as root. Behind the scenes, it will log the commands you have executed.
Now notice that if you quickly run another command using
sudo, you won't be asked for your password. The command will remember your password for a default timeout period of some minutes.
sudo stands for "superuser do" if you are a purist and "substitute user do" if you are openminded. The latter is an interpretation that occurred later, because su is a command that lets you become another user.
Why do I care?
When you create a computer on the cloud, you are typically the only user, and your username is probably something nondistinct like "ubuntu", "centos" or "ec2-user" rather than "gandolf", "wallaby" or "fred". However, you will probably need to run some system-level commands to install software on your computer, as described above. The best way to do this is to elevate your privileges by prefixing the commands that should be run as root by using
sudo in front of the command. If your only experience with Linux is using a system that was shared among multiple users, you may never have learned how to control the sudo power. It may be tempting to abuse this power, running
sudo /bin/bash or
sudo su, to become root within a terminal shell and never looking back. Alas, with great power comes great responsibility, and I am here to lecture you about this.
A good rule of thumb is to try a command without
sudo, and if it works and does what is expected, just do that. There are two reasons to take this strategy. First, you can accidentally do a lot of damage running a command with
sudo if your attention lapses. Although it's much faster and easier to restore and replace a cloud computer than a physical computer, it's still even easier to type
rm -r * in the wrong directory and lose everything you didn't save. Second, the files that you create while masquerading as root will be owned by root, and will probably have permissions that protect them from your non-root self. This can cause errors when trying to read files, write files, and delete files when you change back. If you are not a Linux permissions expert — and who among us really is — this is not a good place to be. You might be tempted to fix this by sudo'ing to root and staying there, and then risk accidentally doing a lot of damage.
Why not compromise by disabling
sudo from asking for your password each time? It's less typing, but it's a way to think twice about your actions until you are very comfortable. And as an important bonus, if you disable you can put the command
sudo shutdown at the end of your long-running scripts to shut down the machine when your jobs are done.
Find your username on your RONIN machine by typing:
Then edit the master file
/etc/sudoers as root. This must be done with a special command that makes sure this file doesn't get screwed up, because as you might imagine that could become hard to fix:
Now add the following line to the end of this file, replacing "ubuntu" with your username if your username is something different (e.g. "ec2-user"):
ubuntu ALL=(ALL) NOPASSWD:ALL
Done! No more pesky password prompts.
What kind of commands should be run as root? Some common examples are below.
- Commands that control the system, such as
shutdownmust be run as root.
- Commands to install or remove software in system directories (in contrast to your home directory), such as
- Commands to access protected system files, such as system logs
- Commands to kill processes that you do not own (be careful!)
- Commands to create and remove users
Learning when and how to use
sudo helps minimize the chance of accidentally breaking your cloud machine and creating permissions errors that can be difficult to fix. It is also important for working in environments where you can want to put your new Linux system administration skills to use, but share a machine or cluster with other distinct users at the same time.
Now go forth and